A POST request is a request that submits data to be processed (e.g. from an HTML form) to the identified resource. The data is included in the body of the request. This may result in the creation of a new resource or the updates of existing resources or both. When a client sends a POST request to a resource of a secured server that requires a client certificate, the secured server cannot respond to the body of POST request from the client until the client either provides a client certificate and renegotiates the connection, or sends an indication that it is not going to do so. Thus, the client has no way of knowing how much of the request body has been received and discarded. As such, a secured server that requires client certificates typically aborts POST requests, if the request is the first one on a connection.
One solution involves the server buffering the entire request, and then sending the client certificate request. However, if the server is not in a position to buffer the entire request, the POST operation is aborted. Another solution involves configuring the server to always ask for a client certificate signed by a single certificate authority. One has to be able to control the server. However, it may not also be possible in the case where the server requires client certificates with more than a single signature authority.